What’s Hot in Cyber?

We’re now a month into 2018 and, as usual in this industry, things continue to change. New attacks, major vulnerabilities, technologies for defenders, and industry players are the norm. We wanted to take a step back and share a bit about the new things we are tracking for this year.

Government Scrutiny of Privacy / Security Issues Ramps Up

During 2017 there were a number of mega-breaches that generated increasing levels of scrutiny on data security and privacy matters from the public sector. If your organization has a big enough security breach, it seems like you now end up testifying in front of Congress (in the US). As a result, it looks like the stage has now been set for cyber legislation – but only if Congress can fit this into their agenda.

Meanwhile a very strong data privacy law, known as the General Data Protection Regulation, becomes enforceable in May. This law, passed by the European Union, has ramifications that reach across the globe. The law protects the privacy of European citizens’ data, no matter who is keeping it. That means that any US based businesses that have personal data of EU citizens need to comply or risk hefty fines (up to 4% of global revenue). This has left many businesses scrambling to become compliant because the stakes are high.

Aside from those areas, the industry is still trying to figure out how to protect digital assets in the cloud. The new reality is that the cloud enables shadow IT to stand up their own systems, outside of the purview of normal IT – and that is a dangerous thing. This has led to the rise of a new class of software known as CASB – Cloud Access Security Broker. These are similar to traditional DLP (Data Loss Prevention) software, but more focused on locking down access to cloud providers such as Dropbox and Google Drive. We expect to keep hearing the CASB buzzword more and more over the next year.

Making Existing Data More Useful

Security organizations can potentially fall into the problem of having much more data than they can possibly utilize. On our penetration testing engagements, for example, our activity can often be found in various logs across the target network, but it isn’t being surfaced to the security staff in a timely enough way to get immediate attention. That’s where a new technology called User and Entity Behavior Analytics (UEBA) comes into play.

The idea behind UEBA is to use software algorithms, potentially including machine learning, to construct a ‘baseline’ for normal behavior on your network. That baseline is then used to detect anomalous behavior. The UEBA software would ingest data from system logs, IDS/IPS systems, and AV / endpoint defense products and then create a reliable feed of high quality alerts for SIEM type tools. If UEBA lives up to its promise it could make a huge difference for defenders, but these tools are only beginning to be adopted.
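To make the baseline-then-detect idea concrete, here is a small added example (ours, not code from the original post and not any vendor’s UEBA product). It builds a per-user baseline from a week of constructed authentication log lines, then scores a new day’s lines against it: a login from a source host the user has never used, a login at an hour the user has never been active, a spike in failed logins measured as a z-score against the user’s daily history, and activity for a user with no baseline at all. The log format, user names, and host names are all invented for the example.

```python
"""Toy UEBA-style baseline and anomaly detection over constructed auth log lines."""
import re
import statistics
from collections import defaultdict

# Constructed log format (hypothetical, not any real product's):
# "<date> <HH:MM:SS> auth: user=<name> src=<host> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(\S+) (\d{2}):\d{2}:\d{2} auth: user=(\w+) src=(\S+) result=(ok|fail)$"
)


def constructed_baseline_lines():
    """Five quiet days: alice logs in twice a day, bob once; alice mistypes
    her password on three of the days. All values are constructed."""
    lines = []
    dates = ["2018-01-29", "2018-01-30", "2018-01-31", "2018-02-01", "2018-02-02"]
    for i, d in enumerate(dates):
        lines.append(f"{d} 09:02:11 auth: user=alice src=ws-alice result=ok")
        lines.append(f"{d} 13:15:40 auth: user=alice src=ws-alice result=ok")
        lines.append(f"{d} 08:45:03 auth: user=bob src=ws-bob result=ok")
        if i % 2 == 0:
            lines.append(f"{d} 09:01:50 auth: user=alice src=ws-alice result=fail")
    return lines


# Constructed "new day" lines to score against the baseline.
NEW_LINES = [
    "2018-02-05 09:03:30 auth: user=alice src=ws-alice result=ok",   # normal
    "2018-02-05 03:12:08 auth: user=alice src=srv-db result=ok",     # new host, 3am
] + [
    f"2018-02-05 09:1{i}:00 auth: user=alice src=ws-alice result=fail" for i in range(6)
] + [
    "2018-02-05 08:50:12 auth: user=bob src=ws-bob result=ok",       # normal
    "2018-02-05 08:49:55 auth: user=bob src=ws-bob result=fail",     # one typo, ignore
    "2018-02-05 10:00:00 auth: user=mallory src=ws-bob result=ok",   # never seen before
]


def parse(lines):
    """Turn raw lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            date, hour, user, src, result = m.groups()
            events.append({"date": date, "hour": int(hour), "user": user,
                           "src": src, "result": result})
    return events


def build_baseline(events):
    """Per user: hosts and hours seen, plus failed logins per observed day."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set(),
                                    "days": set(), "fails_per_day": defaultdict(int)})
    for e in events:
        b = baseline[e["user"]]
        b["hosts"].add(e["src"])
        b["hours"].add(e["hour"])
        b["days"].add(e["date"])
        if e["result"] == "fail":
            b["fails_per_day"][e["date"]] += 1
    return baseline


def detect(events, baseline, fail_zscore=3.0, min_fails=3):
    """Return (user, alert_kind, detail) tuples for events that break the baseline."""
    alerts = []
    fails = defaultdict(int)  # (user, date) -> failed logins seen today
    for e in events:
        b = baseline.get(e["user"])
        if b is None:
            alerts.append((e["user"], "unknown-user", "no baseline for this user"))
            continue
        if e["src"] not in b["hosts"]:
            alerts.append((e["user"], "new-source-host", e["src"]))
        if e["hour"] not in b["hours"]:
            alerts.append((e["user"], "off-hours-login", f"{e['hour']:02d}:00"))
        if e["result"] == "fail":
            fails[(e["user"], e["date"])] += 1
    # Failed-login spike: compare today's count with the user's daily history.
    for (user, date), n in fails.items():
        b = baseline[user]
        daily = [b["fails_per_day"].get(d, 0) for d in sorted(b["days"])]
        mean, sd = statistics.mean(daily), statistics.pstdev(daily)
        score = (n - mean) / sd if sd > 0 else (float("inf") if n > mean else 0.0)
        if n >= min_fails and score >= fail_zscore:
            alerts.append((user, "failed-login-spike", f"{n} failures on {date}"))
    return alerts


def run_example():
    baseline = build_baseline(parse(constructed_baseline_lines()))
    return detect(parse(NEW_LINES), baseline)


if __name__ == "__main__":
    for user, kind, detail in run_example():
        print(f"{user:8s} {kind:20s} {detail}")
```

The point of the `min_fails` guard is the same one real UEBA tooling has to solve: a user who has never failed a login has a standard deviation of zero, so a single typo would otherwise score as infinitely anomalous. Tuning that floor, and the z-score threshold, is where these products earn (or lose) their reputation for producing a “reliable feed of high quality alerts” rather than more noise.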

In related news, Google parent company Alphabet recently launched a new cyber security startup called Chronicle. While details are still thin, GOOG has said “the information that security teams need to identify and investigate attacks is right there in an organization’s existing security tools and IT systems, but it’s hidden in enormous volumes of data and therefore can’t easily be seen, understood, or used.” That sounds like it could be quite similar to UEBA. Given Google’s skill with cyber security issues, combined with big data type analytics, this could really be a big deal. Google has said that more details will be out in the coming months – so we will see!

What are you tracking?

These are the things that are on the top of our radar as we’re digging into the new year. The constant change is one of the most exciting things about the information security industry, but you have to keep up!